Symantec 250-441 Administration of Symantec Advanced Threat Protection 3.0 Online Training
The questions for 250-441 were last updated on Nov 19, 2024.
- Exam Code: 250-441
- Exam Name: Administration of Symantec Advanced Threat Protection 3.0
- Certification Provider: Symantec
- Latest update: Nov 19, 2024
What is the second stage of an Advanced Persistent Threat (APT) attack?
- A . Exfiltration
- B . Incursion
- C . Discovery
- D . Capture
Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an endpoint?
- A . System Lockdown
- B . Intrusion Prevention System
- C . Firewall
- D . SONAR
An Incident Responder wants to create a timeline for a recent incident using Syslog in addition to ATP for the After Actions Report.
What are two reasons the responder should analyze the information using Syslog? (Choose two.)
- A . To have less raw data to analyze
- B . To evaluate the data, including information from other systems
- C . To access expanded historical data
- D . To determine what policy settings to modify in the Symantec Endpoint Protection Manager (SEPM)
- E . To determine the best cleanup method
Which SEP technologies are used by ATP to enforce the blacklisting of files?
- A . Application and Device Control
- B . SONAR and Bloodhound
- C . System Lockdown and Download Insight
- D . Intrusion Prevention and Browser Intrusion Prevention
What is the role of Insight within the Advanced Threat Protection (ATP) solution?
- A . Reputation-based security
- B . Detonation/sandbox
- C . Network detection component
- D . Event correlation
What are two policy requirements for using the Isolate and Rejoin features in ATP? (Choose two.)
- A . Add a Quarantine firewall policy for non-compliant and non-remediated computers.
- B . Add a Quarantine LiveUpdate policy for non-compliant and non-remediated computers.
- C . Add and assign an Application and Device Control policy in the Symantec Endpoint Protection Manager (SEPM).
- D . Add and assign a Host Integrity policy in the Symantec Endpoint Protection Manager (SEPM).
- E . Add a Quarantine Antivirus and Antispyware policy for non-compliant and non-remediated computers.
Which section of the ATP console should an ATP Administrator use to evaluate prioritized threats within the environment?
- A . Search
- B . Action Manager
- C . Incident Manager
- D . Events
In which stage of an Advanced Persistent Threat (APT) attack does social engineering occur?
- A . Capture
- B . Incursion
- C . Discovery
- D . Exfiltration
Why is it important for an Incident Responder to analyze an incident during the Recovery phase?
- A . To determine the best plan of action for cleaning up the infection
- B . To isolate infected computers on the network and remediate the threat
- C . To gather threat artifacts and review the malicious code in a sandbox environment
- D . To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident
Which two database attributes are needed to create a Microsoft SQL SEP database connection? (Choose two.)
- A . Database version
- B . Database IP address
- C . Database domain name
- D . Database hostname
- E . Database name